Managing Enterprise Firewall Configurations

Managing Enterprise Firewall Configurations

By William Gertz (‎Bill‎)
Date: Thursday, 24 July 2003 14:45
Duration: 20 minutes
Language:

There are problems that non object-orientated Perl can solve elegantly
and quickly. On the other hand there are problems that demand an
object-oriented (OO) solution. This talk covers the lessons and
techniques learned to create a fully OO Perl toolkit for managing
complex configurations.

Fire Wall 1 Tool Suite (FW1TS) is an object-oriented Perl module to
manage large Checkpoint FW-1 configurations. Checkpoint's native
drill-down GUI interface is useful for maintaining small
configurations. However, once an installation grows over 5,000
objects with over 200,000 attributes Checkpoint's interface is, at
best, tedious. Perl is the ideal solution to manage these systems,
but the solution is not straightforward. The configuration structure
is an implicitly typed inter-referential hierarchal structure with
each node containing attributes or further sub-nodes. Non-OO Perl is
not suited to the task; simple search and replace scripts would damage
the hierarchal and reference structures. The FW1TS Perl module frees
administrators to manage and build large systems without a casualty
ward case of mouse shoulder.

The FW1TS module provides primitives to manage systems using complex
hierarchal configurations. This talk covers how the object classes
were defined and then encoded in Perl modules.